All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

SA-ldapsearch.log is missing - AD domain not found

barisca009
New Member
‎09-21-2014 05:17 AM

Hi all,
In my test environment,
1 Domain controller windows server 2012 r2 , ip 172.16.1.10 , fqdn=spdc.nwtraders.msft
1 member server(windows server 2008 r2, .net 45 is installed , powershell 3 is installed) which splunk(splunk-6.1.3-220630-x64-release.msi) runs on it.

I have installed universal forwarder(splunkforwarder-6.1.3-220630-x64-release) on domain controller and have copied SA-ModularInput-PowerShell, Splunk_TA_windows, TA-DNSServer-NT6, TA-DomainController-2012R2 in C:\Program Files\SplunkUniversalForwarder\etc\apps folder.

powershell app,microsoft windows app,sa-ldapsearch app,windows infrastruce apps are installed on splunk instance which is run on member server.

Splunk has a receiver and listens on tcp 12345 which UF uses to forward data as well

When I try to detect; domain,domain controller,users,computers are not found

The configuration of ldap.conf(Program Files\Splunk\etc\apps\SA-ldapsearch\local) file is shown as below.

[nwtraders.msft]
server = spdc.nwtraders.msft
port = 389
ssl = false
basedn = DC=nwtraders,DC=msft
binddn = cn=Administrator,cn=Users,DC=nwtraders,DC=msft
password = Password1
alternatedomain = NWTRADERS

[default]
server = 172.16.1.10

SA-ldapsearch.log file is also missing! So I could not troubleshoot the issue.
Any help would be nice
Regards

Tags (3)
0 Karma
Reply

gpareesi11
Path Finder
‎06-30-2015 04:55 AM

Hi, can you try to modify your ldap.conf has follow:

[default]
server = spdc.nwtraders.msft
port = 389
ssl = false
basedn = DC=nwtraders,DC=msft
binddn = cn=Administrator,cn=Users,DC=nwtraders,DC=msft
password = Password1
alternatedomain = NWTRADERS

The SA-ldapsearch.log should be in $SPLUNK_HOME/var/log/splunk/SA-ldapsearch.log

Thank you

0 Karma
Reply

tjjones0362
Explorer
‎10-03-2014 08:53 AM

I'm having the same problem. Ever find a solution?

0 Karma
Reply

barisca009
New Member
‎09-25-2014 03:14 AM

At least, has anyone got and idea about why sa-ldapsearch.log is missing ?

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...